In Q4 2023, the Information Commissioner’s Office data security incident trends report revealed that it saw a 33% increase on the number of incidents reported to it, with reported cyber incidents increasing by 57%, with only those security breaches relating to personal data which were likely to pose a risk to the rights and freedom of individuals being subject to mandatory reporting requirements under Article 33 UK GDPR.

The Department for Science, Innovation and Technology’s Cyber Breaches Survey 2024 revealed that while half of businesses (50%) and around a third of charities (32%) reported having experienced some form of cyber security breach or attack in the last 12 months, just 22% of businesses and 19% of charities had formal incident response plans in place.

Preparing, and rehearsing, an incident response plan in advance of an incident not only affords valuable time and composure when there may be a tendency to panic, but also ensures that vital steps aren’t missed and will help to mitigate any harm and implement remedial measures as quickly as possible.

The potential disruptive effects of a cyber attack shouldn’t be underestimated; earlier this year, the operators of the independent luxury fashion retailer Jules B announced that while they had been able to save the business they had suffered store closures and redundancies when creditors accepted a CVA they had been forced to put in place after facing insolvency due to technical disruptions and the consequent financial pressures put on the business after it suffered a cyber attack which wasn’t covered by insurance.

If your organisation has suffered a cyber security incident and/or data breach, read our Helping Hand Incident Response Plan checklist.

If you require support in preparing for and/or responding to a cyber attack and/or data breach, notifying regulators and stakeholders,  or managing the aftermath including regulatory investigations and complaints, contact us.